9/8/2013 SEC280 Case Study Week 1 Case Study: Ping Sweeps and Port Scans Ping sweeps and port scans are not an immediate threat to the company. While it may be used by an attacker to build a profile against the company, it can also be used by an administrator to gather information about the company. Although it is not an immediate threat, it should still be monitored for potential threats because it is a common way for hackers to attempt to break a network. In the following document, more will be discussed about what ping sweeps and port scans are and how they are used to gather information about a company’s network. What is a ping sweep and how does it work?
It’s imperative that we not only protect against these types of activities on the network, but that we also conduct them ourselves. Ping sweeps are what they sound like. They’re a regular ping that almost anyone in the IT field uses as a basic troubleshooting step but, they are conducted across an entire range of addresses. Whereas a normal administrator would only ping one or two destinations, a malicious user may conduct a ping sweep to find every endpoint on a network that they are allowed a connection to. Most utilities that perform this operation can also perform a DNS lookup on all the IP addresses as well to produce the end points names.
Role in Information Technology Security Domains and Auditing Compliance Framework 1: First NIST’s 800-53 is a good starting point. It addresses Federal Information Security Management. however it may not completely meet the needs of the Defence Spectrum Organization in regards to wireless communications security. This framework is well known and can be used by external entities to determine possible weaknesses in the framework. Framework 2: ISO/IEC 27002 Is also an improvement on the framework in that they are not public and an organization must pay for the use of the copyrighted framework.
Check with the remote system’s administrator to find out if something changed. If everything seems to be in order, remove the remote system’s key from the file specified in the error message and try logging in on the remote system using ssh. You can use ssh-keygen with the –R option followed by the name of the remote system to remove hashed entries. 1. What is the difference between scp and sftp utilities?
It has been pointed out “Many companies are unaware of the risks involved with being active in the social media space, and they are even less aware of the risks their own employees behavior poses” (Hubbard, 2012, p. 50). Breuer (2013) contends all organizations should have a clearly defined social media policy outlining the rules and expectations set forth by the company, being mindful of the potential legal ramification should issues arise. It is essential as Stone Goose launches its new marketing initiative and becomes actively involved in online social media that they have a comprehensive social media policy in place to protect the organization, customers, and employees ensuring optimization of the benefits social media has to offer while
6. Hardwood may consider purchasing a vendor developed access security software package to strengthen on-line security beyond the features currently provided by the operation software’s security features. 7. Restrict programmer access to test copies of software programs for only those programs that have been authorized for program change. Access to
Reid should have known whether or not Google had an Alternate Dispute Resolution plan. Google should have had training with all employees ensuring that they understood what the ADR is and (assuming they have) that any time a manager is needed to hear a complaint they have an “open door policy”. Google should have made sure that the managers who the employees were to go to were trustworthy to hear the complaints employees are bringing to them and expecting action. It is possible that Reid went to a manager about these statements and his privacy wasn’t respected. Google should have ensured that only as needed managers were involved, if this were the case.
Typical Approaches to Computer Security Modern computer users rely on three security approaches to safeguard their most private information. A person will utilize security features founded on prevention, deterrence, or admonition. Currently, software of today was developed with only one of these approaches in mind. Therefore, the user’s computer applications determine which type of approach to implement based on their need. For the average user a simple anti-virus system is all that is needed however, for a large cooperation more complex systems are necessary to safe guard concepts of operations and private personnel information.
Abstract. The most common ways to keep track of employees is video surveillance, monitoring e-mails, keeping track of pages visited on the Internet and anything else that happens on computer, fixing the time of arrival and departure from work, listen to and record telephone conversations. Some of these methods are quite obvious for employees - for example, time-stamping, but some are hidden and may be disturbing to learn about. Business conduct surveillance not just to protect their employees and property, but to insure that procedures that are in place are being followed and to have a control over the business environment. That invasion of privacy can be justified by employer, but can also be an offense to employee.
So when your internet provider wants to get a list of all the sites you visited, it will appear that you connected to just one server. Plus, all the data that flows through your VPN channel is encrypted so unauthorized parties can’t access it. This is especially useful when you are using public Wi-Fi. A downside to using this network is you might not be able to use certain websites and services. Another option is to use Tor, a free browser run by a research-education non-profit organization called the Tor Project.